CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6523
https://notcve.org/view.php?id=CVE-2019-6523
05 Feb 2019 — WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands. WebAccess/SCADA, en la versión 8.3, no sanea adecuadamente sus entradas para comandos SQL. • http://www.securityfocus.com/bid/106722 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-18999
https://notcve.org/view.php?id=CVE-2018-18999
19 Dec 2018 — WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1. Lack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack. WebAccess/SCADA, WebAccess/SCADA en su versión 8.3.2 instalada en Windows 2008 R2 SP1. La falta de validación adecuada de entradas proporcionadas por el usuario podría permitir que un atacante provoque el desbordamiento de un búfer de la pila. • http://www.securityfocus.com/bid/106245 • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2018-5445 – Advantech WebAccess Node certUpdate filename Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-5445
25 Jan 2018 — A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. An attacker has read access to files within the directory structure of the target device. Se ha descubierto un problema de salto de directorio en Advantech WebAccess/SCADA en versiones anteriores a la V8.2_20170817. Un atacante tiene acceso de lectura a archivos en la estructura de directorio del dispositivo objetivo. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installat... • http://www.securityfocus.com/bid/102781 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-5443 – Advantech WebAccess Node uMailLogin Proj SQL Injection Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-5443
25 Jan 2018 — A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. WebAccess/SCADA does not properly sanitize its inputs for SQL commands. Se ha descubierto un problema de inyección SQL en Advantech WebAccess/SCADA en versiones anteriores a la V8.2_20170817. WebAccess/SCADA no sanea adecuadamente sus entradas para comandos SQL. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess Node. • http://www.securityfocus.com/bid/102781 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •